Abstract. In this paper, we propose a theoretical framework to construct
matching algorithms for any biometric authentication system. Conventional
matching algorithms are not necessarily secure against strong intentional
impersonation attacks such as wolf attacks. The wolf attack is an attempt to
impersonate a genuine user by presenting a "wolf" to a biometric authentication
system without the knowledge of a genuine user's biometric sample. A "wolf" is
a sample which can be accepted as a match with multiple templates. The wolf
attack probability (WAP) is the maximum success probability of the wolf attack,
which was proposed by Une, Otsuka, Imai as a measure for evaluating security of
biometric authentication systems [UOI1], [UOI2]. We present a principle for
construction of secure matching algorithms against the wolf attack for any
biometric authentication system. The ideal matching algorithm determines a
threshold for each input value depending on the entropy of the probability
distribution of the (Hamming) distances. Then we show that if the information
about the probability distribution for each input value is perfectly given,
then our matching algorithm is secure against the wolf attack. Our generalized
matching algorithm gives a theoretical framework to construct secure matching
algorithms. How low a WAP is achievable depends on how accurately the entropy
is estimated. There is thus a trade-off between the efficiency and the
achievable WAP. Almost every conventional matching algorithm employs a fixed
threshold and hence it can be regarded as an efficient but insecure instance of
our theoretical framework. Daugman's algorithm proposed in [Da2] can also be
regarded as a non-optimal instance of our framework.



1 Introduction 

Biometric authentication systems automatically identify or verify individuals by
physiological or behavioral characteristics. They are used in various services
such as immigration control at an airport, banking transactions at an ATM,
access control to restricted areas in a building, and so on. The increase in
the need for biometric authentication systems makes it important to explicitly
evaluate their security.

The false acceptance rate (FAR) (see the definition (3) in Section 2.2) is
traditionally used as a security measure against the zero-effort impersonation
attack. The zero-effort approach assumes that an attacker will present his/her
own biometric data. But this is clearly not a rational assumption, since an
attacker attempting to impersonate a genuine user will try to present biometric
data of the genuine user or its imitation.

Ratha et al. approximately calculate the success probability of a brute-force
attack in a typical fingerprint-minutiae matching algorithm [RCB1]. The
brute-force approach assumes that an attacker blindly selects an input value.
However, if an attacker has some information about the algorithm employed in
the system, the attacker might be able to find a sample which shows high
similarity to most of the templates. Such a biometric sample is called a wolf
(cf. [ISO1]). An attacker could impersonate a genuine user with much higher
probability than FAR by presenting a wolf to a biometric authentication system.

With regard to the artefact attack, Matsumoto et al. showed that some biometric
authentication systems often falsely accept some artefacts [MMYH1]. Therefore
we should assume that an attacker may find a special input value not only from
biometric samples but also from non-biometric samples. Une, Otsuka, Imai
extended the definition of a wolf to include a non-biometric input value and
defined the wolf attack probability (WAP) (see Definition 3) [UOI1], [UOI2].
WAP can be regarded as the upper bound of the success probability of attacks
without the knowledge of a genuine user's biometric sample. Une, Otsuka, Imai
proposed that WAP can be used as a security measure to evaluate the lower bound
of a security level in a biometric authentication system.

Our goal is to propose a theoretical framework to construct matching algorithms
for biometric authentication systems. Almost every conventional matching
algorithm employs a fixed threshold determined based on FAR and the false
rejection rate (FRR) (see the definition (1) in Section 2.1). It is not
necessarily secure against the wolf attack. Une, Otsuka, Imai showed that in
some such matching algorithms, there actually exist strong wolves and WAP can
be much higher [UOI1], [UOI2]. Surprisingly, as far as we know, no research has
been conducted on the security of matching algorithms until now. This is the
first paper which studies the security characteristics of matching algorithms
and gives a theoretical framework for constructing them securely.

Suppose a matching algorithm employs a threshold determined by the entropy 
of the probability distribution for each input value. We prove that if the entropy 
for each input value is perfectly given, then the matching algorithm is secure 
against the wolf attack (Theorem 1, 2). 

In the real world, it might be difficult to perfectly calculate the entropy for
each input value; however, a more accurate computation of the entropy can
achieve a lower WAP. There is thus a trade-off between the efficiency of the
matching algorithm and the achievable WAP in the matching algorithm.

Previous results can be regarded as instances of our theoretical framework.
Almost every previous matching algorithm employs a fixed threshold. In our
theoretical framework, it can be regarded as an efficient instance which
assumes all input values have the same entropy. However, as mentioned above, it
is not exactly secure against the wolf attack.

Daugman proposed a matching algorithm in which a threshold is determined for
each match by taking into account the number of bits available for comparison
[Da2]. His method can also be regarded as an instance of our framework, which
assumes every bit of a sample independently and identically contributes to the
entropy of the probability distribution. WAP in his algorithm can be relatively
lower than that in an ordinary algorithm employing a fixed threshold. However,
his matching algorithm is not necessarily secure against the wolf attack (see
details in Section 4), since we have to assume that an attacker knows more
accurate information about the probability distributions.

This paper continues as follows. In Section 2, we will briefly introduce a
typical model of biometric authentication systems and give explicit definitions
of FAR, WAP, and security against the wolf attack. Our proposal can be easily
adapted to all matching algorithms of all modalities that employ symmetric
prametric functions such as the ordinary (Hamming) distance as the
dissimilarity measure. We will construct matching algorithms in the general
case (Theorem 1) and in the normal distribution case (Theorem 2) and show that
these matching algorithms are secure against the wolf attack. They give a
theoretical framework to construct secure matching algorithms for any biometric
authentication system. In Section 4, we will reconsider previous results in our
theoretical framework.

2 Model (Preliminaries) 

A biometric authentication system can be used for verification or
identification of individuals. In verification, a user of the system claims to
have a certain identity and the biometric system performs a one-to-one
comparison between the offered biometric data and the template which is linked
to the claimed identity. In identification, a one-to-all comparison is
performed between the offered data and all available templates stored in the
database to reveal the identity of an individual. In this paper, we will
discuss verification systems.

Let $\mathcal{U}$ be a set of all possible users of the biometric
authentication system. Namely, $\mathcal{U}$ is a set of all human individuals.
For each user $u \in \mathcal{U}$, the identity of $u$ can be denoted by $u$,
namely the identities of users can be identified with $\mathcal{U}$.
Let $\mathcal{M}$ be a finite set with a symmetric prametric function
$d : \mathcal{M} \times \mathcal{M} \to \mathbb{R}$, namely $d(x,y) = d(y,x)$,
$d(x,y) \ge 0$, $d(x,x) = 0$ for all $x, y \in \mathcal{M}$.

In an enrollment phase, for any user $u \in \mathcal{U}$, an acquisition device
measures biometric data of $u$. After processing the measurement data and
extracting relevant features, the features are represented as an element $t_u$
of $\mathcal{M}$. Then the template $t_u$ of $u \in \mathcal{U}$ is stored in
the database of the system. In a verification phase (matching phase) match, a
user $v \in \mathcal{U}$ claims an identity $w \in \mathcal{U}$ and a biometric
measurement is acquired from $v$. This measurement is also transformed into an
element $s$ of $\mathcal{M}$. A matching process compares $s$ with $t_w$ and
match generates a message, accept or reject, by a predetermined threshold
$\tau \in \mathbb{R}_{\ge 0}$ as follows:

$$
\mathrm{match}(v, w) =
\begin{cases}
\text{accept} & \text{if } d(s, t_w) < \tau \\
\text{reject} & \text{if } d(s, t_w) \ge \tau .
\end{cases}
$$

Each user $u \in \mathcal{U}$ enrolls and offers a certain biometric sample of
$u$ in an enrollment phase and a verification phase, respectively. Therefore
$\mathcal{U}$ can be regarded as a set of the biometric samples of users. For
each biometric sample $u \in \mathcal{U}$, let $X_u$ be a random variable on
$\mathcal{M}$ representing noisy versions of $u$, namely $P(X_u = s)$ denotes
the probability that biometric data of $u$ will be transformed into
$s \in \mathcal{M}$. Assume that the $X_u$, $u \in \mathcal{U}$, are
independent.

2.1 The false rejection rate 

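The false rejection rate (FRR) is the probability that a genuine user is
rejected, namely it is defined by

$$
\begin{aligned}
FRR &= \operatorname*{Ave}_{u \in \mathcal{U}} P(\mathrm{match}(u, u) = \text{reject}) \\
    &= \frac{1}{n} \sum_{u \in \mathcal{U}} \sum_{\substack{(s,t) \in \mathcal{M} \times \mathcal{M} \\ d(s,t) \ge \tau}} P(X_u = s) P(X_u = t) \\
    &= 1 - \frac{1}{n} \sum_{u \in \mathcal{U}} \sum_{\substack{(s,t) \in \mathcal{M} \times \mathcal{M} \\ d(s,t) < \tau}} P(X_u = s) P(X_u = t) \qquad (1)
\end{aligned}
$$

where $n = \#\mathcal{U}$. For each user $u \in \mathcal{U}$, let $FRR_u$
denote the probability that the user $u$ with the correct identity claim $u$
will be rejected. Namely, $FRR_u$ is defined by

$$
\begin{aligned}
FRR_u &= \sum_{\substack{(s,t) \in \mathcal{M} \times \mathcal{M} \\ d(s,t) \ge \tau}} P(X_u = s) P(X_u = t) \\
      &= 1 - \sum_{\substack{(s,t) \in \mathcal{M} \times \mathcal{M} \\ d(s,t) < \tau}} P(X_u = s) P(X_u = t) . \qquad (2)
\end{aligned}
$$

It is easy to check that $FRR = \frac{1}{n} \sum_{u \in \mathcal{U}} FRR_u$.
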

2.2 The false acceptance rate 

The false acceptance rate (FAR) is the probability that an offer of a user with
a wrong identity claim will be incorrectly accepted, namely FAR is defined by

$$
\begin{aligned}
FAR &= \operatorname*{Ave}_{\substack{u, v \in \mathcal{U} \\ u \ne v}} P(\mathrm{match}(u, v) = \text{accept}) \\
    &= \frac{1}{n(n-1)} \sum_{\substack{u, v \in \mathcal{U} \\ u \ne v}} \sum_{\substack{(s,t) \in \mathcal{M} \times \mathcal{M} \\ d(s,t) < \tau}} P(X_u = s) P(X_v = t) . \qquad (3)
\end{aligned}
$$

The measure FAR is traditionally used to express the recognition accuracy of
biometric systems. It is also used as a measure to evaluate the security of
systems against the zero-effort impersonation attack.

The zero-effort approach assumes that an attacker attempting to impersonate a
genuine user will present his/her own biometric data. This assumption is
clearly far from reality, since an attacker will try to present biometric data
of a genuine user or its imitation.



2.3 The wolf attack probability 

Une, Otsuka, Imai proposed a new security measure for biometric authentication
systems [UOI1], [UOI2]. If an attacker can find an input value which matches
many templates, then he succeeds in impersonating a genuine user with a higher
probability than FAR by presenting the input value to the biometric
authentication system. Such an input value obtained from a biometric sample is
called a wolf by many authors (cf. [ISO1]). However, such an input value might
be obtained not only from biometric samples but also from non-biometric
samples. Matsumoto et al. show by experimentation that some artefacts can be
falsely accepted in some biometric authentication systems [MMYH1].

Considering these facts, we will extend the definition of a wolf as follows.
Let $\mathcal{A}$ be a set of all possible samples including non-biometric
samples such as artefacts or synthetic samples. For each $w \in \mathcal{A}$,
let $FAR_w$ denote the probability that the sample $w$ with a wrong identity
claim $v \ne w$ will be incorrectly accepted and let $AR_w$ denote the
probability that the sample $w$ with random claim will be accepted. Namely,
$FAR_w$ and $AR_w$ are respectively defined by

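$$
\begin{aligned}
FAR_w &= \operatorname*{Ave}_{v \in \mathcal{U} \setminus \{w\}} P(\mathrm{match}(w, v) = \text{accept}) \\
      &= \frac{1}{\#(\mathcal{U} \setminus \{w\})} \sum_{v \in \mathcal{U} \setminus \{w\}} \sum_{\substack{(s,t) \in \mathcal{M} \times \mathcal{M} \\ d(s,t) < \tau}} P(X_w = s) P(X_v = t) , \qquad (4) \\
AR_w  &= \operatorname*{Ave}_{v \in \mathcal{U}} P(\mathrm{match}(w, v) = \text{accept}) \\
      &= \frac{1}{n} \sum_{v \in \mathcal{U}} \sum_{\substack{(s,t) \in \mathcal{M} \times \mathcal{M} \\ d(s,t) < \tau}} P(X_w = s) P(X_v = t) . \qquad (5)
\end{aligned}
$$

It is easy to check that $FAR = \frac{1}{n} \sum_{w \in \mathcal{U}} FAR_w$.
The following theorem describes the relation between $FRR_w$, $FAR_w$ and
$AR_w$.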
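Lemma 1.

$$
AR_w =
\begin{cases}
FAR_w & \text{if } w \in \mathcal{A} \setminus \mathcal{U} \\
\frac{1}{n}(1 - FRR_w) + \left(1 - \frac{1}{n}\right) FAR_w & \text{if } w \in \mathcal{U} .
\end{cases}
$$

Therefore it immediately follows that

$$
\operatorname*{Ave}_{u \in \mathcal{U}} AR_u = \frac{1}{n}(1 - FRR) + \left(1 - \frac{1}{n}\right) FAR . \qquad (7)
$$
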

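Proof. For any $w \in \mathcal{A} \setminus \mathcal{U}$, it is clear that
$AR_w = FAR_w$, since $\mathcal{U} \setminus \{w\} = \mathcal{U}$. For any
$w \in \mathcal{U}$, from the definitions (2), (4) and (5) of $FRR_w$, $FAR_w$
and $AR_w$, respectively, we have

$$
\begin{aligned}
AR_w &= \frac{1}{n} \sum_{\substack{(s,t) \in \mathcal{M} \times \mathcal{M} \\ d(s,t) < \tau}} P(X_w = s) P(X_w = t)
      + \frac{1}{n} \sum_{v \in \mathcal{U} \setminus \{w\}} \sum_{\substack{(s,t) \in \mathcal{M} \times \mathcal{M} \\ d(s,t) < \tau}} P(X_w = s) P(X_v = t) \\
     &= \frac{1}{n}(1 - FRR_w) + \left(1 - \frac{1}{n}\right) FAR_w .
\end{aligned}
$$

Therefore the results follow. □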

Put

$$
AR = \operatorname*{Ave}_{u \in \mathcal{U}} AR_u = \frac{1}{n}(1 - FRR) + \left(1 - \frac{1}{n}\right) FAR .
$$

Note that usual biometric authentication systems obviously satisfy
$FAR < 1 - FRR$, namely $FAR < AR$.

Definition 1. (cf. [UOI1, Definition 3]) A wolf is defined as a sample
$w \in \mathcal{A}$ such that $AR_w > AR$.

For any $AR < p \le 1$, a wolf $w$ such that $AR_w = p$ is called a p-wolf. In
particular, a 1-wolf is called a universal wolf.

Definition 2. [UOI1, Definition 4] Assume the following two conditions.

(i) The attacker has no information of a biometric sample of a genuine user to
be impersonated.

(ii) The attacker has complete information of the algorithms employed in the
enrollment phase and the verification phase.

The wolf attack is defined as an attempt to impersonate a genuine user by
presenting p-wolves with large p's to minimize the complexity of the
impersonation attack.

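Definition 3 (Wolf attack probability (WAP)). (cf. [UOI1, Definition 5])
The wolf attack probability is defined by

$$
WAP = \max_{w \in \mathcal{A}} \operatorname*{Ave}_{v \in \mathcal{U}} P(\mathrm{match}(w, v) = \text{accept}) = \max_{w \in \mathcal{A}} AR_w . \qquad (8)
$$

It is clear that $AR \le WAP$. Therefore, if $FAR < 1 - FRR$, then we have

$$
FAR < AR = \operatorname*{Ave}_{u \in \mathcal{U}} AR_u \le WAP .
$$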

Definition 4 (Security against the wolf attack). For any $\delta > 0$, a
biometric authentication system is $\delta$-secure against the wolf attack if
$WAP \le \delta$, namely there exists no wolf $w \in \mathcal{A}$ such that
$AR_w > \delta$.

If we use only FAR as a security measure against impersonation attacks, then we
cannot explicitly evaluate the security against wolf attacks. Une, Otsuka, Imai
proposed to evaluate the security level against the wolf attack by computing
WAP [UOI1], [UOI2].

3 Matching algorithms secure against the wolf attack 

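For each $s \in \mathcal{M}$ and $x \in \mathbb{R}_{\ge 0}$, the probability
$P_s(x)$ that a template $t \in \mathcal{M}$ obtained from a biometric sample of
a user will be at a distance less than $x$ from $s$ is defined by

$$
P_s(x) = \frac{1}{n} \sum_{v \in \mathcal{U}} \sum_{\substack{t \in \mathcal{M} \\ d(s,t) < x}} P(X_v = t) . \qquad (9)
$$

Then we have

$$
AR_w = \sum_{s \in \mathcal{M}} P(X_w = s) P_s(\tau) .
$$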

3.1 General case 

Fix $\delta > 0$. Then we will construct a matching algorithm $\delta$-secure
against the wolf attack as follows.

Almost every conventional matching algorithm employs a fixed threshold $\tau$
predetermined based on FRR and FAR. However, we will employ a threshold
$\tau_s$ determined for each element $s \in \mathcal{M}$ obtained from the
sample $w \in \mathcal{A}$ offered in the verification phase. For each
$s \in \mathcal{M}$, put

$$
\tau_s = \max \{ x \in \mathbb{R}_{\ge 0} \mid P_s(x) \le \delta \} .
$$

Note that a set $S = \{ x \in \mathbb{R}_{\ge 0} \mid P_s(x) \le \delta \}$ is a
non-empty closed subset of $\mathbb{R}_{\ge 0}$ and therefore there exists the
maximum of $S$.

For the implementation, we need to gather enough templates from each
$v \in \mathcal{U}$ and estimate the probabilities $P(X_v = t)$ for all
$t \in \mathcal{M}$. Then we can determine the threshold $\tau_s$ for each
$s \in \mathcal{M}$ by doing the exhaustive search of all possible $x \ge 0$
such that $P_s(x) \le \delta$.
It is clear that

$$
WAP = \max_{w \in \mathcal{A}} \sum_{s \in \mathcal{M}} P(X_w = s) P_s(\tau_s) \le \delta .
$$



The above discussion gives the following theorem. 



Theorem 1. If the information about the probability distribution $P_s(x)$ for
each $s \in \mathcal{M}$ is completely given, then, for any $\delta > 0$, we can
construct a matching algorithm $\delta$-secure against the wolf attack.
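
A small simulation of the Section 3.1 construction, added here as an example and not code from the paper: it evaluates $P_s(x)$ of (9) over a constructed 5-bit feature space with four users, then compares WAP under a fixed threshold with WAP under the per-input thresholds $\tau_s$. The user distributions, the function names and the choice $\delta = 0.25$ are assumptions made for illustration.

```python
from itertools import permutations

BITS = 5
M = range(1 << BITS)  # feature space M = {0,1}^5 (constructed toy space)

def d(s, t):
    """Hamming distance: a symmetric prametric on M."""
    return bin(s ^ t).count("1")

# Constructed estimates of P(X_v = t) for n = 4 users (not data from the paper).
# Every template lies at distance 1 from 00000 or from 10000.
USERS = [
    {0b00001: 0.5, 0b10001: 0.5},
    {0b00010: 0.5, 0b10010: 0.5},
    {0b00100: 0.5, 0b10100: 0.5},
    {0b01000: 0.5, 0b11000: 0.5},
]

def P(s, x, users=USERS):
    """Eq. (9): probability that a template lies at distance < x from s."""
    hit = sum(p for dist in users for t, p in dist.items() if d(s, t) < x)
    return hit / len(users)

def threshold(s, delta, users=USERS):
    """tau_s = max{x >= 0 : P_s(x) <= delta} by exhaustive search.

    Hamming distances are integers, so P_s is constant on (k, k+1] and
    searching integer x is enough. BITS + 1 accepts everything and caps
    the search when delta >= 1 (an assumption of this example).
    """
    return max(x for x in range(BITS + 2) if P(s, x, users) <= delta)

def wap(tau_of, users=USERS):
    """WAP when the attacker may present any s in M directly.

    AR_w is an average of P_s(tau_s) over s, so its maximum is reached by
    an input that always maps to the single best s.
    """
    return max(P(s, tau_of(s), users) for s in M)

def far(tau, users=USERS):
    """Eq. (3): zero-effort false acceptance rate for a fixed threshold."""
    n = len(users)
    hit = sum(pu * pv
              for u, v in permutations(users, 2)
              for s, pu in u.items()
              for t, pv in v.items() if d(s, t) < tau)
    return hit / (n * (n - 1))

def compare(delta=0.25, fixed_tau=2):
    """Return (FAR, WAP with fixed tau, WAP with per-input tau_s)."""
    return (far(fixed_tau),
            wap(lambda s: fixed_tau),
            wap(lambda s: threshold(s, delta)))

if __name__ == "__main__":
    print(compare())  # (0.0, 0.5, 0.25)
```

With the fixed threshold the zero-effort FAR is 0 while the input 00000 is accepted for half of all claims. The per-input rule lowers that input's threshold to 1 and keeps the threshold of a genuine sample such as 00001 at 2, so WAP falls to $\delta$.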



3.2 Normal distribution case 

We assume that the distribution $P_s(x)$ is normal with mean $m_s$ and standard
deviation $\sigma_s$ for each $s \in \mathcal{M}$, namely

for any $x > 0$. More strictly, we assume that $P_s(x)$ can be approximately
estimated by the above equation. The distributions of Hamming distances for
Daugman's iriscode satisfy this assumption (cf. [Da1], [Da2]). Some authors use
the Gaussian assumption as the basis of their analysis (cf. [AYL1], [Ka1],
[Wa1]). In general, real-valued features will tend to approximate a Gaussian
distribution when they are obtained by linear combinations of many components,
e.g. feature extraction techniques based on principal component analysis (PCA)
or linear discriminant analysis (LDA) (cf. [AYL1]). Under this assumption, we
can construct a secure and simple matching algorithm and show that the matching
algorithm is optimal, namely WAP is minimized to the (almost) same value as AR.

Define the entropy $H(P)$ of the probability distribution $P$ by

$$
H(P) = \int_{-\infty}^{\infty} -P(x) \log_2 P(x) \, dx .
$$

By the assumption (10), it can be easily checked that

$$
H(P_s) = \log_2 \left( \sqrt{2 \pi e} \, \sigma_s \right) . \qquad (11)
$$



We work with entropies $H(P)$ of continuous probability distributions $P$. Then
the entropy $H(P)$ is not always non-negative. It is clear from (11) that if
$\sigma_s < \frac{1}{\sqrt{2 \pi e}}$ then $H(P_s) < 0$. Note that if a fixed
threshold is employed, then an input value $s \in \mathcal{M}$ which has higher
entropy $H(P_s)$ and therefore larger deviation $\sigma_s$ can be accepted with
higher probability.

Fix a real number $a$. For each $s \in \mathcal{M}$, put



a2 



V27re 

where $H_s = H(P_s)$. By the assumption (10), we have



(12) 



(13) 



for all $s \in \mathcal{M}$. Put




The following theorem can be immediately proved. 

Theorem 2. Assume that the standard deviation $\sigma_s$ (or the entropy $H_s$)
and the mean $m_s$ are perfectly given for each $s \in \mathcal{M}$. Then the
matching algorithm employing the thresholds $\tau_s$, $s \in \mathcal{M}$,
defined by (12) is $\delta(a)$-secure against wolf attacks. Moreover, we have
$AR_w = AR = WAP = \delta(a)$ for all $w \in \mathcal{A}$.

Proof. By the calculation (13), for all $w \in \mathcal{A}$, we have

$$
AR_w = \sum_{s \in \mathcal{M}} P(X_w = s) P_s(\tau_s) = \delta(a) .
$$

Therefore the results follow. □

Our generalized matching algorithm gives a theoretical framework for
constructing matching algorithms secure against the wolf attack for any
biometric authentication system. Under the ideal condition that for each
$s \in \mathcal{M}$, the distribution $P_s(x)$ is completely calculated, our
matching algorithm is optimal against the wolf attack.

In the real world, it might be difficult to explicitly calculate the
distribution $P_s(x)$ for all $s \in \mathcal{M}$; however, a more accurate
computation of $\sigma_s$, $H_s$, or $m_s$ for each $s \in \mathcal{M}$ can
achieve a lower WAP. Consequently, there is a trade-off between the efficiency
of the matching algorithm and the security evaluated by the achievable WAP. In
the next section, we will reconsider previous results as instances of our
theoretical framework.



4 Previous results in our framework 

In this section, we will review previous results in the context of our theoretical 
framework. 

A conventional matching algorithm employing a fixed threshold can be viewed 
as an efficient instance of our framework, which assumes every input value has 
a constant entropy instead of computing the entropy for each input value. Such 
a matching algorithm is not secure against the wolf attack. 

Daugman proposes a matching algorithm which employs a variable threshold in
place of a fixed threshold as follows [Da2]. He employs a fractional Hamming
distance $d = \mathrm{fHD}$ defined by
$\mathrm{fHD}(s, t) = \frac{\mathrm{HD}(s, t)}{k}$ for any
$s, t \in \mathcal{M} = \{0, 1\}^{2048}$, where $k$ is the number of bits
available for comparison. He determines a threshold depending on $k$ as
follows:



(14) 



where - is the average of $\mathrm{fHD}(s, t)$ estimated from his database. His
algorithm can also be regarded as an instance of our framework, which assumes
every bit of each sample independently and identically contributes to the
probability distribution.

However, his algorithm is not necessarily secure against the wolf attack, since
every bit is not exactly independent and identical and the distributions
$P_s(x)$, $s \in \mathcal{M}$, can be considerably different from each other.
We assume that an attacker has more accurate information about the
distributions $P_s(x)$, $s \in \mathcal{M}$. If the attacker can successfully
find a smart input value $s \in \mathcal{M}$ such that the entropy
$H(P_s(x))$ is extremely high, then he can be incorrectly accepted with much
higher probability than AR.

Daugman's matching algorithm is not always secure against the wolf attack;
however, it motivated us to research a theoretical framework to construct
secure matching algorithms.